Skip to content

Fix CUR 2.0 export query and crawler IAM boundary#108

Merged
Alexanderamiri merged 1 commit into
mainfrom
fix/cur-export-and-crawler-boundary
Mar 26, 2026
Merged

Fix CUR 2.0 export query and crawler IAM boundary#108
Alexanderamiri merged 1 commit into
mainfrom
fix/cur-export-and-crawler-boundary

Conversation

@Alexanderamiri
Copy link
Copy Markdown
Member

@Alexanderamiri Alexanderamiri commented Mar 26, 2026

Summary

Fixes two CI failures from the CUR 2.0 deployment:

  1. CUR 2.0 query: SELECT * instead of explicit column names — CUR 2.0 column names differ from legacy CUR docs. The table_configurations block already controls what's included (DAILY granularity, RESOURCES, etc.)

  2. Crawler IAM role: Added permissions_boundary = var.org_boundary_arn — the org boundary requires all IAM roles to carry a boundary, otherwise iam:CreateRole is denied

Test plan

  • CI plan + apply succeeds
  • CUR export is created in us-east-1
  • Glue crawler role is created with boundary attached

@Alexanderamiri
Add Route53 hosted zones for java.no, javabin.no/com, teknologihuset.no
559a482 
Migrate DNS from Domeneshop to Route53 for all javaBin domains.
Registrar stays at Domeneshop — only DNS management moves to AWS.

Creates 4 hosted zones with all existing records:
- java.no: Google Workspace MX, SPF, DMARC, DKIM (Mailchimp/SendGrid),
  wildcard A, GitHub Pages subdomains
- javabin.no: MX forwarding to mail.java.no, DMARC
- javabin.com: DMARC only (+ Domeneshop default A/AAAA)
- teknologihuset.no: Google MX, Domeneshop email autodiscovery,
  CalDAV/CardDAV SRV records, GitHub org verification

After apply, NS records at Domeneshop need to be updated per domain
to complete the cutover. Migration order: javabin.com → javabin.no →
java.no → teknologihuset.no.
@Alexanderamiri Alexanderamiri requested a review from a team as a code owner March 26, 2026 23:07
@Alexanderamiri Alexanderamiri merged commit 5f36a60 into main Mar 26, 2026
6 checks passed
@Alexanderamiri Alexanderamiri deleted the fix/cur-export-and-crawler-boundary branch March 26, 2026 23:08
Alexanderamiri added a commit that referenced this pull request May 9, 2026
@Alexanderamiri
Fix CUR 2.0 export query and crawler IAM boundary (#108)
641f132 
## Summary

Fixes two CI failures from the CUR 2.0 deployment:

1. **CUR 2.0 query**: `SELECT *` instead of explicit column names — CUR
2.0 column names differ from legacy CUR docs. The `table_configurations`
block already controls what's included (DAILY granularity, RESOURCES,
etc.)

2. **Crawler IAM role**: Added `permissions_boundary =
var.org_boundary_arn` — the org boundary requires all IAM roles to carry
a boundary, otherwise `iam:CreateRole` is denied

## Test plan

- [ ] CI plan + apply succeeds
- [ ] CUR export is created in us-east-1
- [ ] Glue crawler role is created with boundary attached
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Alexanderamiri